Invisible security risk on networks

An often overlooked area when securing a network is device configuration scripts.

An invisible security weakness is lurking in most corporate networks in the form of millions of lines of code that represent the configuration scripts for all the devices on the network.

With corporate networks averaging 15 devices for every 100 users, ensuring accurate configurations has become a major challenge for network managers. Until now, manual processes or home-grown tools were the only options for configuration debugging.

Enter Telcordia, which is selling a new product called IP Assure that automatically debugs the configurations on IP devices including routers, switches, firewalls and load balancers. IP Assure checks configurations for 750 parameters to ensure accuracy, implementation of best practices and compliance with an organization’s security policies.

Rajesh Talpade, chief scientist with Telcordia, says misconfigured network gear is a universal problem. When Telcordia analyzed 1,500 multi-vendor routers, switches and firewalls on eight corporate networks, it found errors in all the devices.

“We’ll ask a company to give us 50 configuration files that we’ll analyze at no cost,” Talpade says. “We
always find something wrong.”

Misconfigured network gear represents a major security threat. Gartner estimates that 65% of cyberattacks exploit misconfigured systems.

Network performance and reliability also are affected by misconfigured gear, with Yankee Group estimating that 62% of IP network downtime is due to configuration errors.

The most common configuration mistakes are holes in firewalls, backup links that don’t work, VPN tunneling errors that expose data to the Internet, and inconsistent settings that impact quality of service for voice traffic. (Source: Hidden threats on corporate networks: Misconfigured gears – CIO)

The key to remember: an intruder needs only one way in.

Related articles by Zemanta

• How to be a (safe) Wi-Fi warrior (money.cnn.com)
• Juniper introduces Adaptive Threat Management (infoworld.com)
• The Easy Guide To Computer Networks [PDF] (makeuseof.com)
• Enterprises cut costs with open-source routers (computerworld.com)